Stress and fatigue over possible data breaches are understandably natural, as cybersecurity issues remain a top concern of business owners, employees, and consumers worldwide.

A U.S. Small Business Administration survey showed that 88 percent of small business owners believe they are vulnerable to cyber attacks. And, just hearing about ransomware attacks, not to mention other types of security incidents, can be stressful for digital users, according to research from global cybersecurity firm Kaspersky.

News of data breaches stressed out 69 percent of respondents in a 2021 survey, the company reported. Further, the survey revealed digital “users felt more stress from data breaches, ransomware, and security incidents than they did from other events in their lives,” according to a post by David Bisson on Security Intelligence.

A study in 2020 showed similar results. According to Cisco’s 2020 Consumer Privacy Study, 87 percent of respondents conveyed some degree of alarm about how much protection is provided by the tools and software used to work, communicate and connect virtually.

Raising awareness around privacy and data protection is so necessary that Jan. 28 is set aside every year as Data Privacy Day, observed in the U.S., Canada, Israel, and 47 European countries. Jan. 29 also acknowledges the 1981 signing of Europe’s Convention 108, the first legally binding international treaty involving privacy and data protection.

Here’s a look at why the annual reminder to be aware is needed and best practices for protecting your company’s data as well as the personal data of your customers, vendors, and employees.

Protecting Your Customer Data

One aspect of IT that has gotten more mainstream attention than any other over the past year is cybersecurity, says Keara Dowd, web editor for BizTech.

“Several high-profile ransomware attacks put organizations of all sizes and across all industries on high alert as bad actors took advantage of businesses’ quick shifts to remote work,” she writes in a BizTech blog.

“For an industry such as retail, this increased threat has been paired with growing scrutiny over how customer data is handled.”

That’s why retailers should put data privacy at the heart of their IT strategy, Dowd says.

She pointed to government guidelines that can help define these strategies, ranging from low-level solutions such as multifactor authentication to AI-powered alert tools.

The E-Commerce Threat

A pre-Black Friday check by Kaspersky, the global cybersecurity firm, showed a spike in phishing attacks mimicking e-payment pages in the run-up before the busy retailer shopping season.

From January through October 2021, Kaspersky says, its products identified more than 40 million incidents of phishing attacks that targeted e-commerce platforms, which included banking institutions.

The number of financial phishing attacks disguised as e-payment systems jumped significantly from September at 627,560 to October 2021 at 1,935,905, representing a 208% increase.

“The sales season attracts the attention of shoppers and retailers, however it is also a favorite of cybercriminals who look to cash in by creating fake pages mimicking the biggest retail platforms and e-payment systems,” the report says.

Be Strategic

Small business owners need to understand the vulnerabilities of their business, along with the available resources to help them prevent, identify and respond to an attack, says entrepreneur Fabi Hubschmid, co-founder and COO of the global small business directory and verification platform, Markaaz.

He says one of the key best practices is to immediately install software updates and patches, developed to address the latest known threats and vulnerabilities.

“These are timely operating system updates and patches to software applications are crucial to protecting company assets,” Hubschmid advises in a Forbes Council blog.

Pay Strict Attention to Passwords

IT and cybersecurity specialists say using strong passwords and protecting them from disclosure remains one of the best ways to protect your company and customer data.

“With more employees working remotely, and in some cases using personal devices for work, employees must keep personal and work passwords separate to reduce the risk of unauthorized access to their company’s data and systems,” Hubschmid says in the Forbes blog.

Also, be aware of suspicious activity, such as emails and website links from unknown sources.

Layer Your Security Controls

Look at cyber safety controls like a blanket, says Stephanie Benoit-Kurtz, Lead Cybersecurity Faculty at the University of Phoenix and Principal Security Consultant at Trace3.

“Cybersecurity provides layers of different technologies and processes that protect users,” she says in a SCORE blog interview with Rieva Lesonsky. “Training, VPN software, endpoint protection, and hotspots all greatly reduce risk and can be implemented without a large IT staff.”